Contents

About the Author

Foreword

Preface – Industrial Automation and Control System Security: A Component of a Nation’s Critical Infrastructure

Chapter 1 – Industrial Automation and Control System Fundamental Concepts

           Industrial Automation and Control Systems

           Industrial Automation and Control System Protocol Summary

           Issues in Industrial Automation and Control Systems Security

           Summary

           Review Questions for Chapter 1

           References

Chapter 2 – Information System Security Technology

           Information System Security Fundamentals

           Types and Classes of Attack

           Additional System Security Concepts

           Policies, Standards, Guidelines, and Procedures

           Malicious Code and Attacks

           Firewalls

           Cryptography

           Attacks Against Cryptosystems

           Virtual Private Network

           Summary

           Review Questions for Chapter 2

           References

Chapter 3 – Industrial Automation and Control System Culture versus IT Paradigms

           Differences in Culture, Philosophy, and Requirements

           Considerations in Adapting IT Security Methods to Industrial Automation and Control Systems

           IT and Industrial Automation and Control Systems Comparisons from a Standards Perspective

           Summary

           Review Questions for Chapter 3

           References

Chapter 4 – The Continuing Technological Evolution Affecting the Industrial Automation and Control Systems

           Important Technological Trends

           The Smart Grid and Technological Trends

           Mapping of Emerging Technology Issues onto an Example Automation System – The Smart Grid

           Summary

           Review Questions for Chapter 4

           References

Chapter 5 – Risk Management for Industrial Automation and Control Systems

           Risk Management

           The Insider Threat

           Threat Examples Worthy of Note

           Summary

           Review Questions for Chapter 5

           References

Chapter 6 – Industrial Automation and Control Systems Security Methodologies and Approaches

           Automation and Control System Security Standards and Guidelines

           NIST Special Publication 800-82, Guide to Industrial Control Systems Security

           ANSI/ISA-TR99.00.01-2007, Security Technologies for Industrial Automation and Control Systems

           North American Electric Reliability Corporation, Critical Infrastructure Protection Cybersecurity Standards

           NIST Special Publication 800-53, Revision 3, Recommended Security Controls for Federal Information Systems

           Department of Homeland Security, Catalog of Control Systems Security: Recommendations for Standards Developers

           AMI System Security Requirements

           Department of Defense Instruction Number 8500.2, Information Assurance (IA) Implementation

           Consolidation of Best Practices Controls for Industrial Automation and Control Systems

           Summary

           Review Questions for Chapter 6

           References

Chapter 7 – Industrial Automation and Control System Security Training

           Background

           Training Sources and Approaches

           Training Support Guidelines

           Common Training Subjects

           Summary

           Review Questions for Chapter 7

           References

Chapter 8 – Future Industrial Automation and Control System Approaches and Issues

           Automation and Control System Trends

           Formal Methods Used to Quantify and Standardize Important Concepts and Applications

           Future Smart Grid Issues and Automation Security Issues

           Summary

           Review Questions for Chapter 8

           References

Appendix A – Review Questions and Answers

Glossary and Acronyms

Bibliography